Breach Includes 3,977 Student SSNs; 4,942 Employee SSNs
For Immediate Release
Media Contact: Aaron Titus
New York, NY – June 12, 2012 - Identity Finder, LLC (www.identityfinder.com) has analyzed the information exposed in the recent hack and breach announced by the Clarksville Montgomery County School System.
Identity Finder was on alert for the breach after a hacker tweeted a cryptic threat to release more than a hundred thousand "State Records/Citizen Records," on June 6, 2012.
Late June 9, 2012, the hacker posted a press release on pastebin.com with links to redacted images of Clarksville citizen personal information, but promised not to release any of the social security numbers to avoid risking "the safety of innocent children and hard-working Adults." The issue was referred to the school system, which initiated an investigation.
On Monday, June 11th, three hackers going by the name "SpexSec" claimed to release "14,525 Citizen Records" in two text files. These text files included names, social security numbers, email addresses, passwords, dates of birth, and other sensitive personal information. It is not known whether the hackers will release additional sensitive personal information from Clarksville, TN, but they have made additional threats to release new leaks. Identity Finder has analyzed the data released so far, and can confirm the following:
- Identity Finder found 8,919 unique social security numbers. 4,942 appear to belong to employees, and 3,977 appear to belong to students.
- Identity Finder found the full names and student IDs of 3,988 unique Clarksville, TN students.
- Of those, 1,313 students had their genders and dates of birth exposed. Those 1,313 students were born between April 14, 1987 and September 18, 1993.
- Identity Finder found the names and employee IDs of 4,943 Clarksville, TN district employees.
- Identity Finder found 248 employee usernames and passwords, and one employee's mother's maiden name.
- As of June 12, 2012, 9:00am Central time, the files containing the information have been taken offline. [Update:] As of approximately 3:30pm Eastern, June 13, 2012, a backup of the original file has been posted online by a hacker. It seems unlikely (but not impossible) that new data will be released at this point.
Identity Finder's data discovery and protection software provides companies the ability to prevent data leakage and find sensitive information. They have quickly grown to become a leader in identity protection and Data Loss Prevention (DLP) by helping millions of consumers, small businesses, and enterprises across the world. You may download the free version of Identity Finder DLP Software here: http://identityfinder.com/free